Your Guide to Becoming CCPA Compliant

by Alison Divis  |  8 |  CCPA , Data Security

Your Guide to Becoming CCPA Compliant image..

 

What is the CCPA?


The California Consumer Privacy Act (CCPA) is a piece of legislation recently approved by Governor Jerry Brown. This regulation is aimed at protecting the rights of California consumers and their data privacy. Learn more about the CCPA here!




What You Need to Know from the Start


The CCPA will apply to businesses that deal with California consumers and meet one or more of the following criteria:

  • Annually earns $25 million or more in revenue
  • Holds more than 50,000 consumers’ personal data
  • Over half the company’s annual revenue is comprised of selling the personal data of consumers 

Businesses that meet these criteria will need to become CCPA compliant by July 1, 2020. These companies will have to reach a number of requirements, including granting customers the right to access their data for free twice annually, the right to delete their data, and the right to opt out of having their data collected. Explore some of these requirements in more depth here.

The transition to becoming CCPA compliant will not be easy. In fact, the transition will likely cost companies $50,000 to $100,000 annually. On top of that, companies that fail to fully comply with the CCPA’s requirements will face fines, lawsuits from consumers, and damage to their corporate reputation.




How to Become CCPA Compliant


As the CCPA requires a 12-month look-back on data for consumers, the ideal place for most companies to start their CCPA compliance projects is by updating their data inventories. This process will be easiest for companies with high-quality data, as this allows for consumer data to easily be identified and managed. When customers ask to view their personal data—which they will be allowed to do twice a year, for free, under the CCPA—companies will need well-managed customer data to meet their requests. 

The ability to view personal data won’t be the only new right that consumers are granted with the introduction of the CCPA. Consumers will also be able to request any data they have posted in the past be deleted. Companies will want to review this right along with several others and ensure their policies are up to date with the new requirements.

Updating company policy to address these new consumer rights is only one step, though. Another critical step for CCPA compliance is fortifying data security. With the CCPA in place, consumers also gain the right to sue companies that lose their personal data to hackers and other data security threats. This adds yet another penalty to companies that are hacked, on top of the obvious harm to corporate reputation and resulting financial setbacks. The goal of this stipulation is to further encourage businesses to ramp up their data security policies and better protect customer data. 

Finally, companies will need to update their third-party agreements. The CCPA restricts the sale of consumer data, a practice that has been extremely prevalent in recent years, by giving customers the ability to opt out of having their personal data sold. This marks a large change in how companies will interact with each other, limiting transactions of consumer data if consumers opt out. Businesses will need to make that shift clear to their business partners before the CCPA goes into effect in order to avoid disruptions to business operations. 


So What?


The CCPA brings with it a lot of change. Companies will need to reconsider their previous approaches to data privacy, data security, company policies, and more, as they become CCPA compliant. These changes will be most manageable if companies have a strong data quality platform in place, allowing them to verify and govern customer data. 

This is an investment that will save businesses time and resources in the future as well, as individuals are demanding businesses be more committed to data privacy. Consumers will rest easier if they know companies are effectively managing and protecting their information. The higher the quality of data, the easier it is to comply with the CCPA, and the higher customer satisfaction will be.



Contact Us